New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Port scanning help
Hello guys.
I got an abuse from hetzner that someone from my cPanel server (ssh access disabled for users) is scanning ports. Is there a option in centos/WHM to check who the hell he was?
Thank you guys!
edit: CSF is installed and configured and nothing got reported.
Comments
Check some logz
Hey joodle. What kind of logs Sir?
System logs?
Just take a peek in /var/logs
Thank you @joodle
What should I look for? Should be something with scanning?
Direct SSH access is not required to port scan, some PHP modules like exec can do this.
Thank you Sir. If I disable exec can this be stopped? Anyway, in what log file should I look and what should I look. Thank you
@BuyAds: at begin check ps/netstat to see if is still alive the 'attacker', may generate this scans some apps (maybe), if you cant see nothing suspicious here, check system logs/httpd logs, if still nothing try to scan your system with rkhunter and maybe check .php files for some backdoors